CVE-2021-22899 - Ivanti Pulse Connect Secure Command Injection Vulnerability -

Action Due Apr 23, 2021 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22899

CVE-2019-11539 - Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11539

CVE-2021-1906 - Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1906

CVE-2021-1905 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : Qualcomm

Description : Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1905

CVE-2020-10221 - rConfig OS Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : rConfig

Description : rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10221

CVE-2021-35395 - Realtek AP-Router SDK Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Realtek

Description : Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-35395

CVE-2017-16651 - Roundcube Webmail File Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Roundcube

Description : Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-16651

CVE-2020-11652 - SaltStack Salt Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : SaltStack

Description : SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11652

CVE-2020-16846 - SaltStack Salt Shell Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SaltStack

Description : SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16846

CVE-2018-2380 - SAP Customer Relationship Management (CRM) Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-2380

CVE-2010-5326 - SAP NetWeaver Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-5326

CVE-2016-9563 - SAP NetWeaver XML External Entity (XXE) Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-9563

CVE-2020-6287 - SAP NetWeaver Missing Authentication for Critical Function Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6287

CVE-2020-6207 - SAP Solution Manager Missing Authentication for Critical Function Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6207

CVE-2019-16256 - SIMalliance Toolbox Browser Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SIMalliance

Description : SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16256

CVE-2020-10148 - SolarWinds Orion Authentication Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : SolarWinds

Description : SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10148

CVE-2021-35211 - SolarWinds Serv-U Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : SolarWinds

Description : SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-35211

CVE-2016-3643 - SolarWinds Virtualization Manager Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : SolarWinds

Description : SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3643

CVE-2020-10199 - Sonatype Nexus Repository Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Sonatype

Description : Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10199

CVE-2019-7481 - SonicWall SMA100 SQL Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SonicWall

Description : SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7481